All Products
Search

This Product

    ApsaraDB for MongoDB:View audit logs

    Document Center

    ApsaraDB for MongoDB:View audit logs

    Last Updated:Feb 06, 2024

    This topic describes how to view audit logs on ApsaraDB for MongoDB.

    Prerequisites

    The audit log feature is enabled. For more information, see Enable the audit log feature.

    View audit logs

    1. Log on to the ApsaraDB for MongoDB console.

    2. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.

    3. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

    4. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.

    5. In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.

    6. On the Mongo audit log center page, query the details of audit logs. By default, the audit logs of 15 minutes (relative) are displayed.

      You can click Refresh in the upper-right corner of the Mongo audit log center page to set the refresh frequency of audit logs.

      • Once

        Specifies to immediately refresh audit logs.

      • Auto Refresh

        Specifies to refresh audit logs every 15 seconds, 60 seconds, 5 minutes, or 15 minutes.

        Note

        If you do not want to use the auto-refresh interval specified by this parameter, choose Refresh > Close to clear the current parameter setting, and then reset this parameter.

    Filter the audit logs of an instance

    You can view the audit logs that meet specified filter conditions.

    1. Log on to the ApsaraDB for MongoDB console.

    2. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.

    3. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

    4. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.

    5. In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.

    6. On the Mongo audit log center page, specify the filter conditions.

      Filter conditions

      Filter condition

      Description

      Keyword

      The keyword that is included in the audit logs you want to view. A keyword can be a client IP address, a command, a username, or other extended information.

      • The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples:

        • If you want to specify an IP address as a keyword, you must enter a complete IP address such as 192.168.1.1, not a partial IP address such as 192.168 or 1.1.

        • If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth. Do not enter au.

      • If a keyword contains a colon (:), enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".

      Operation Type

      The type of the operation.

      Client IP Address

      The client IP address used to connect to the ApsaraDB for MongoDB instance. Example:

      If the ECS instance is connected to the ApsaraDB for MongoDB instance over the Internet, enter the public IP address of the ECS instance.

      If the ECS instance is connected to the ApsaraDB for MongoDB instance by using a VPC connection, enter the private IP address of the ECS instance.

      Database Name

      The name of the database.

      Set Name

      The name of the collection.

      Username

      The username used to connect to the ApsaraDB for MongoDB instance.

    View the audit logs of an instance over a specified time range

    You can use the time picker to specify a time range.

    1. Log on to the ApsaraDB for MongoDB console.

    2. In the left-side navigation pane, click Replica Set Instances or Sharded Cluster Instances based on the instance type.

    3. In the upper-left corner of the page, select the resource group and region to which the instance belongs.

    4. Click the ID of an instance, or click More icon in the Actions column corresponding to the instance and select Manage.

    5. In the left-side navigation pane of the instance details page, choose Data Security > Audit Logs.

    6. On the Mongo audit log center page, click Time Range.

    7. In the Time panel, select a time range.

      Time pane

      Section

      Description

      Time details

      When you move the pointer over a time option in the Relative section or Time Frame section, the time details section displays the time range that matches the selected time option.

      Relative

      Select a time range relative to the current point in time. When you move the pointer over a time option in this section, the time details section displays the time range that maps the selected time option.

      Time Frame

      Select a time range that is accurate to the minute, hour, week, or day. When you move the pointer over a time option in this section, the time details section displays the time range that maps the selected time option.

      Custom

      Specify a custom time range. After you click OK, the custom time range is applied.

      Note

      The minimum query time is minute. To query audit logs accurate to seconds, log on to the Log Service console and enter a query or analytic statement. For more information about how to query audit logs within seconds, see Query and analyze logs.

    Related API operations

    Operation

    Description

    DescribeAuditRecords

    Queries the audit logs of an ApsaraDB for MongoDB instance.

    FAQ

    Why do I view only 2,000 audit log entries?

    The Mongo audit log center page of the ApsaraDB for MongoDB console displays a maximum of 2,000 audit log entries. To view more audit log entries, log on to the Log Service console. For more information, see Query and analyze logs.